well im trying to intercept AP signal transmitting around my home i found out with wireshark that its colubris Access point its hidden completely i can't find it via airodump or anything just wireshark ....

searched on google for while found out its the most security over wireless access points so....in real life like this im just intercepting communication between two spots the user i think and man in the middle and the access point how to connect to this access point ??

If you use kismet (Linux) you should see it, typically, IF someone else attaches to it and uses it. While SSID's aren't broadcast when they're hidden, they still HAVE to transmit in the packets, with authenticated machines / machines that KNOW about the AP, to talk to it, and kismet will then pick them up.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

hayabusa wrote:If you use kismet (Linux) you should see it, typically, IF someone else attaches to it and uses it. While SSID's aren't broadcast when they're hidden, they still HAVE to transmit in the packets, with authenticated machines / machines that KNOW about the AP, to talk to it, and kismet will then pick them up.

ya buddy i know that but i believe they sending to each others in encrypted data

but the question can't i connect to any access point with just the mac ?

and what if no one appear to connected to it not in kismet at least !! ?

You could force a deauthentication against an already authenticated client, and get the SSID that way (that's how I would get the SSID, by forcing a client to resend the SSID in an authentication packet.) This is also how you go about speeding the process with WEP cracking, etc, as you need enough weak IV's to crack the key, and by deauth'ing attached clients, repeatedly, you force them to resend the SSID and data enough to crack it.

That way, because the client is not yet associated, fully, with the AP's encryption in play, the SSID will be transmitted in the clear, as it would anytime a new client would associate to the AP.

Edit: To answer your last queston:

and what if no one appear to connected to it not in kismet at least !! ?

IF nobody's connected, yet, and you don't already have the SSID, you'll have to wait until someone tries to connect...

Last edited by hayabusa on Fri Jun 17, 2011 11:13 am, edited 1 time in total.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

hayabusa wrote:You could force a deauthentication against an already authenticated client, and get the SSID that way (that's how I would get the SSID, by forcing a client to resend the SSID in an authentication packet.) This is also how you go about speeding the process with WEP cracking, etc, as you need enough weak IV's to crack the key, and by deauth'ing attached clients, repeatedly, you force them to resend the SSID and data enough to crack it.

That way, because the client is not yet associated, fully, with the AP's encryption in play, the SSID will be transmitted in the clear, as it would anytime a new client would associate to the AP.

Edit: To answer your last queston:

and what if no one appear to connected to it not in kismet at least !! ?

IF nobody's connected, yet, and you don't already have the SSID, you'll have to wait until someone tries to connect...

when im sniffing with wireshark i see communication happining with 3 sides i think with that access point but with airodunp or kismet u dont see anything how is that possible that there's some one connecting to this AP but doesn't appear on airodump ??

and if that was encrypted video streaming ...wireshark doen't decrypt that

ok the colubris networks if u searched google its new technology for wireless access points security purposes . when i capture it via wireshark i can get the device name and mac address ofcourse airodump getting the mac address but ...with channel 128 and changing everytime

some times i can see the channel with number 134 and if i scanned again i can see the channel 132 every time changes and some times fixed to 134 dunno wat kina of channels is this

about the ESSID its length 0 so it hidden authentication is open

no clients connected i think , i guess wireshark got that name while broadcasting its becon

i got pdf from google for colubris networks , and found its configuration and i think the only way to login to this AP via this site https://www.wifi-soft.net/wifilan/ , and if u want to login from another method would be LAN or WAN

I don't think you ever said, how did you first come across said signal. did it just show up?

Are you sure it's even out there, and you're not just looking at a client trying to associate with something?

Those channel numbers make no sense. that's not the wifi range.

If it is hidden there wouldn't be a broadcast beacon. It would need a client trying to connect to it.

I would, if you have the hardware and time, set up your equipment in with airodump running, and writing to a file, let it run for a few days, and then go back through all the data. Again, airodump, with your card set in promiscuous mode will see all the radio waves in use around, you which would include that access point, or it's clients.

chrisj wrote:I don't think you ever said, how did you first come across said signal. did it just show up?

Are you sure it's even out there, and you're not just looking at a client trying to associate with something?

Those channel numbers make no sense. that's not the wifi range.

If it is hidden there wouldn't be a broadcast beacon. It would need a client trying to connect to it.

I would, if you have the hardware and time, set up your equipment in with airodump running, and writing to a file, let it run for a few days, and then go back through all the data. Again, airodump, with your card set in promiscuous mode will see all the radio waves in use around, you which would include that access point, or it's clients.

ok you right , if its hidden then there wouldn't be any broadcast from becon , but i think i found out wat is this >>

its a surveillance cameras AP i saw it with my own eyes , searched google for a picture and it was the same , it was hanging out there beside surveillance cameras dunno about the channels , or how its hidden but i guess its a hell of a Security for AP